Rip version 2
Does rip version 2 also use the wild card mask in a classless situation?
I figured it out. When I configur "no auto-summary" on each router it behaves nicely with per packet load balancing. I guess I needed to get rid of the summarized routes listing /24 for my VLSMed 4.0 4.4 /30 networks.
Thanks
Similar Messages
-
I just bought this router ... Never experience the overheating problem posted by other users, router is pretty cold, even after 3 days on In Italy the street price is quite expensive (180€ / 232$) but works great on 2.4G (5G suffer serious lack of coverage)
Just two question
1. Wich RIP version the router uses?
2 There is a way to have SNMP enabled?1. It uses RIP Version 1...
2. The router(WRT610N) does not support SNMP... -
I have a lab scenario, that is confusing me greatly. I can get per packet load-balancing working when I ping from R2 to interfaces in the 192.168.1.0/30. However, when I'm pinging from R3 , I can't packet load-balance to interfaces in 192.168.4.0/30. I also can't packet load-balance from R1 pinging to interfaces in 192.168.4.4/30. Am I doing something wrong? Thanks...
I have three routers: R1, R2, R3.
R1: Eth0 192.168.1.1/30 connected to R3 eth0
R1: Ser0 192.168.4.1/30 connect to R2 Ser0
R2: Ser0 192.168.4.2/30 connect to R1 Ser0
R2: Ser1 192.168.4.5/30 connect to R3 Ser0
R3: Eth0 192.168.1.2/30 connect to R1 eth0
R3: Ser0 192.168.4.6/30 connect to R2 Ser1
All of the routers run:
2500 Software (C2500-I-L), Version 12.2(29a), RELEASE SOFTWARE (fc1)
Configs for R1, R2, R3 are attached as a plain text file and listed below:
R1 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service udp-small-servers
service tcp-small-servers
hostname R1
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.1 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface Serial2
no ip address
no ip mroute-cache
shutdown
interface Serial3
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R2 config:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R2
ip subnet-zero
ip host R1 192.168.1.1
ip host R2 192.168.4.2
ip host R3 192.168.1.2
interface Ethernet0
shutdown
interface Serial0
ip address 192.168.4.2 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial1
ip address 192.168.4.5 255.255.255.252
no ip route-cache
no ip mroute-cache
clockrate 56000
interface Serial2
no ip address
shutdown
interface Serial3
no ip address
shutdown
interface Serial4
no ip address
shutdown
interface Serial5
no ip address
shutdown
interface Serial6
no ip address
shutdown
interface Serial7
no ip address
shutdown
interface Serial8
no ip address
shutdown
interface Serial9
no ip address
shutdown
interface BRI0
no ip address
encapsulation hdlc
shutdown
router rip
version 2
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
end
R3 config:
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname R3
ip subnet-zero
ip host R2 192.168.4.2
ip host R1 192.168.1.1
ip host R3 192.168.1.2
interface Ethernet0
ip address 192.168.1.2 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial0
ip address 192.168.4.6 255.255.255.252
no ip route-cache
no ip mroute-cache
interface Serial1
no ip address
no ip mroute-cache
shutdown
interface BRI0
no ip address
encapsulation hdlc
no ip mroute-cache
shutdown
router rip
version 2
network 192.168.1.0
network 192.168.4.0
ip classless
no ip http server
line con 0
line aux 0
line vty 0 4
endI figured it out. When I configur "no auto-summary" on each router it behaves nicely with per packet load balancing. I guess I needed to get rid of the summarized routes listing /24 for my VLSMed 4.0 4.4 /30 networks.
Thanks -
Rip version 1 with /25 redistribute with ospf
Dear all
i got a network running rip version 1 with network /25.
and if i redistribute my ospf /29 network , it cannot be summarized and redistributed. I did try area range /24 and also /25.....
but if my rip run on /24 it is ok with redistribution....Hello Samuel,
are both the RIP and the OSPF domain in the same major network ? If so, RIP won't advertise the redistributed routes, as experienced by you. A workaround would be to add a static route pointing to null, and then redistributing the static route into RIP. Here is an example, your IP addresses and networks might be different:
ip route 192.168.1.0 255.255.255.0 null0
router rip
redistribute static
metric 1
Can you try and see if this works for you ?
Regards,
GP -
I have a couple of questions about BM 3.6. I just started working with
this product and I am findgin a few weird problems with it.
1. Does RIP have to be turned on for the FW to work?
2. Why does it not do STATIC routes correctly?
3. Why do RIP route come before STATIC routes?
I have a few static routes E.G.
10.1.1.0 255.255.255.0 next hop 10.1.1.20
10.1.2.0 255.255.255.0 next hop 10.1.1.30
It seems BM or the Novell Server completely ignores the Subnet mask
altogther. I even seem this when on the first number 10 is the same and
the rest of the network is completely different..
It's almost like the server is saying (hey the first numbers are the same
so let's use the first entry and ignore the subnet mask)
Can anyone shed any light on this problem. It's a Novell 5.0 SP6a running
BM3.6 SP3
Thanks
Randy> 1. Does RIP have to be turned on for the FW to work?
no
> 2. Why does it not do STATIC routes correctly?
it does, provided that everything is properly configured.
> 3. Why do RIP route come before STATIC routes?
it shouldn't....
> 10.1.1.0 255.255.255.0 next hop 10.1.1.20
> 10.1.2.0 255.255.255.0 next hop 10.1.1.30
>
> It seems BM or the Novell Server completely ignores the Subnet mask
> altogther. I even seem this when on the first number 10 is the same and
> the rest of the network is completely different..
ok, you must have RIP I enabled. RIP I does NOT support subnet masks.
Go to inetcfg/bindings. Select the bindings where you want to disable RIP I.
Go to Configure TCP/IP bind options, go to RIP bind options and in the RIP
version, select RIPII.
Make sure that in inetcfg, LAN static routing is enabled, as well.
Caterina Luppi
Novell Support Connection Volunteer Sysop -
Running RIP between CPE and PE but rip database on CPE has no vrf routes
I am running RIP between CPE and PE and it is working - I can see the RIP routes in the VRF routing table. However I cannot see the RIP routes on the CPE, which I need to be able to do.
PE RIP Config
router rip
address-family ipv4 vrf ABC
redistribute static metric 1
redistribute bgp 12345
network XX.0.0.0
no auto-summary
exit-address-family
CPE RIP Config
router rip
version 2
redistribute connected metric 1 route-map Connected
network XX.0.0.0
no auto-summary
route-map Connected permit 10
description *** Interfaces to be advertised to MPLS Network ***
match interface Vlan1
route-map Connected deny 100
description *** Deny Statement ***
Thanks in advance for your help
Regards
DKHi DK,
You need to put the "metric #" command in your redistribute bgp configuration under the vrf SAFI in the RIP config on the PE router. This is done to prevent BGP MED (metric) from being used as the RIP metric, which as you would know, has a hop limit of 16.
router rip
address-family ipv4 vrf ABC
redistribute static metric 1
redistribute bgp 12345 metric 1
network XX.0.0.0
no auto-summary
exit-address-family
Try that and you should then see your VPN routes showing on the CE when the RIP process refreshes.
HTH
Joe. -
Getting ripped episodes of LOST on my iPod Touch
I own season 1 of LOST and Season 3 of Rescue Me. I've recently ripped some of the files to MP4 format to place on my Touch with handbrake. I cannot get the ripped versions of these episodes to load to my Touch. They are loading fine into my iTunes library, and play fine on my Apple TV, but won't load to the Touch. Oddly, older ripped versions of Rescue Me are loading fine to the Touch, which were also ripped with Handbrake. Anyone have any ideas? I don't even know where to start trouble shooting this one.....
Right click on the video and select 'Convert selection for iPod/iPhone' and then try syncing again.
-
Route Redistribution between RIP and OSPF
Hi all,
I'm building my home lab and having difficutly to get this part of router redistribution work.
I can't ping from PC, Server and SW1 to R2's int f0/0, f0/1 and SW2's G0/1.
I can't ping from R1 to R2's f0/1, SW2
Vice versa, I can't ping from SW2 to R2's f0/0, R1's f0/0 & f0/1, SW1, PC and Server.
Also, I can't ping from R2 to R1's f0/1, SW1, Server and PC.
I think the reason cause these ping's failure is I didn't config the Route Redistribution between RIP and OSPF(on R2)correctly. I strugled for hours to change comand around but still can't figure it out. I attached my Topology and config. file to you and please help!
smartd1011Hi,
On R1, you should not be advertising 10.0.0.0/24 via OSPF => redistribution will handle that
On R1, you should not be advertising 20.0.0.0/24 via EIGRP => redistribution will handle that
On R2, you should not be advertising 30.0.0.0/24 via OSPF => redistribution will handle that
On R2, you should not be advertising 20.0.0.0/24 via RIP=> redistribution will handle that
On R2, under your rip process, you should put a metric to RIP otherwise it would redistributed with infinite metric (i.e. 16). Btw, you did put a seed metric on your EIGRP redistribution which is fine.
Also if you're talking RIP with switch2 and would like to send rip updates to him, you remove your passive interface statement
your rip statement should be somethin like that :
router rip
version 2
redistribute ospf 1 metric 5
passive-interface FastEthernet0/0
network 30.0.0.0
no auto-summary
HTH -
RIP V2, network command with classless address yield to classful
As we know that RIP V2 is Classless while V1 is Classful.
Obviously there are other differences. Cisco has mentioned them in CCNA3 V3.1 Article 1.2.3
RIP V2 supports prefix routing with VLSM so different subnets within the same network can have different subnet masks.
A(config)#router rip
A(config-router)#ver 2
A(config-router)#network
A(config-router)#network 172.16.2.0
A(config-router)#^Z
A#sh run
*Apr 7 05:36:29.422: %SYS-5-CONFIG_I: Configured from console by console
A#sh run | b router rip
router rip
version 2
redistribute eigrp 12 metric 2
network 11.0.0.0
network 172.16.0.0
network 192.1.14.0
Why has the value been changed from 172.16.2.0 to 172.16.0.0 ?
What is the point of using RIP V2 if it yields to same result as RIP V1 ?Although ripv2 is classless, the configuration of which interfaces are attached to the rip process is classfull.
In this case of yours, all interfaces configured in the range of 11.0.0.0/8, 172.16.0.0/16 or 192.1.14.0/24 will be attached to the rip process. If an interface exists with subnet 172.16.2.0/24 it will be advertised as such.
Hope this helps, -
We recently purchased a WTR54GS for evaluation as a travel router.
The basic function of the router works fine, however, when NAT is disabled and the Internet interface is connected to an upstream router running RIP version 2, the upstream router will not learn about the WTR54GS's directly connected Ethernet interface.
After performing some packet capture with Ethereal, I determined this issue to be due to an invalid next hop IP address specified in the WTR54GS's outgoing RIP update. I've checked for a firmware update for this router, but there is none.
Does anyone have any ideas about this? I have attached the packet details of the outgoing RIP v2 update from the WTR54GS. Note that the packet is a broadcast, although true RIP v2 should be a multicast packet on 224.0.0.9
Packet details:
No. Time Source Destination Protocol Info
2 10.587371 172.16.0.3 172.16.0.255 RIPv2 Response
Frame 2 (106 bytes on wire, 106 bytes captured)
Ethernet II, Src: Cisco-Li_d9:39:53 (00:13:10:d9:39:53), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 172.16.0.3 (172.16.0.3), Dst: 172.16.0.255 (172.16.0.255)
User Datagram Protocol, Src Port: router (520), Dst Port: router (520)
Routing Information Protocol
Command: Response (2)
Version: RIPv2 (2)
Routing Domain: 0
IP Address: 10.0.0.0, Metric: 16
Address Family: IP (2)
Route Tag: 0
IP Address: 10.0.0.0 (10.0.0.0)
Netmask: 255.0.0.0 (255.0.0.0)
Next Hop: 172.16.0.1 (172.16.0.1)
Metric: 16
IP Address: 192.168.16.0, Metric: 1
Address Family: IP (2)
Route Tag: 0
IP Address: 192.168.16.0 (192.168.16.0)
Netmask: 255.255.255.0 (255.255.255.0)
Next Hop: 192.168.16.1 (192.168.16.1)
Metric: 1
IP Address: 0.0.0.0, Metric: 16
Address Family: IP (2)
Route Tag: 0
IP Address: 0.0.0.0 (0.0.0.0)
Netmask: 0.0.0.0 (0.0.0.0)
Next Hop: 172.16.0.1 (172.16.0.1)
Metric: 16
As you can see, the outgoing update from the Internet interface of the WTR54GS indicates that 192.168.16.0 /24 is accessible via 192.168.16.1. Obviously, if the upstream router doesn't have a static route indicating that 192.168.16.0 /24 is available via the WTR54GS's Internet interface's IP address, then 192.168.16.0 /24 will be unreachable.
Mike Delorie
A+, Network+, CWNA, CCNP
Systems Analyst
Kootenay Savings Credit Union
200 – 1199 Cedar Avenue
Trail, BC V1R 4B8
Desk: (250) 368-2758
Fax: (250) 368-5203Does this problem happen on some specific routers of the 30 or randomly on any few.
You can try the below and update as to what is the effect.
1) Try increasing the interpacket delay for RIP updates. By default its none, but you may want to introduce a delay just in case to check if the packets being dropped is the reason for some routers not reflecting the updates.
Router(config)# router rip
Router(router-config)#output-delay 15
2) Alternatively you can try triggered updates on the links connecting to your DSL routers. This will send updates only when there is a change and keep the periodic updates suppressed.
Router(config-if)#ip rip triggered
Please do update what is the effect.
HTH-Cheers,
Swaroop -
Officejet Pro 8600 - Macbook Pro and Macbook Air will not print
Products:
HP Officejet Pro 8600
Macbook Pro (Mac OS X, Version 10.7.5)
Macbook Air (OS X, Version 10.8.2)
Question:
Why did my Macs initially print fine, but now will not print at all?
Full Story:
I have a wireless network at my house that consisted of a 30mb cable internet, Netgear 900n, HP Officejet Pro 8600, 2 Dell Laptops with Windows 7, a Lenovo Laptop with Windows 7, and Dell Tower with Windows 7 - All printed just fine.
The HP Officejet 8600 was added to my network about 2 months ago.
I added a Macbook Pro and a Macbook Air about 3 weeks ago. Both Macs printed just fine for about a week. Then suddenly they stopped. I spent about 2 hours on the phone with HP Service, and they finally said it must be my router. So I called Netgear. Netgear was useless! They wanted me to agree to charges for services before they would even discuss the issue.
Due to information provided by HP's service support, and because Netgear will not support their product, I promptly purchased a new router - an Apple Airport Extreme.
The Macs recognize the printer, will print if hardwired via a USB cable, but will not print wirelessly to the Officejet Pro 8600. The PCs print fine.
The frustration that is being felt is compound by the fact that the Macs printed just fine with the Officejet Pro 8600 2 weeks ago, and now the printer just shows "idle"... even with a new router. (see image below)
Please help, I appreciate any support.
As a side note, the HP Service rep was very friendly, and definitely tried to support the HP Product, which is much more than I can say about Netgear.
Thank you,
This question was solved.
View Solution.Hi,
More likely the issue related with Multicast, which Apple devices relies on to communicate with teh device through the network.
First try unplugging the router for 30 seconds.
Plug it back to the power and wait for 2-3 minutes.
Turn the HP printer Off and back On, then check for any difference.
If the same persists, try changing your router configuration as following
Note: the settings below are not related with the HP product, I provide you the steps as a best effor and those are only based on my own knowledge. you may try modifying the router settings at your own risk:
Open the router configuration page (can be found listed as the Default Gateway by clicking the Wireless icon on the printer, then print a network configuration report.
Click the Advanced tab.
Click the Setup option from the menu, then click on WAN Setup.
Make sure to uncheck the box next to Disable IGMP Proxying and Apply the changes.
Click the LAN Setup on the same Setup menu.
Set the RIP Version as RIP-2 and Apply the changes.
Reboot your router and then check for any change.
I hope you may find that information useful, you may also use the user guide below for further information:
http://www.downloads.netgear.com/files/GDC/WNDR4500/WNDR4500_UM_07DEC2011.pdf
Shlomi
Say thanks by clicking the Kudos thumb up in the post.
If my post resolve your problem please mark it as an Accepted Solution -
Cannot print PDF files: "/usr/lib/cups/filter/pdftops failed"
Hi
I have a HP Deskjet D1460 printer (crap, i know ). I'm using hplip 3.11.1 drivers and CUPS 1.4.6hplip 3.11.1.
Today i wanted to print a pdf file, and my printer just silently refused to work, like they always do I did some log-scavenging, and found this rather long one:
E [11/Feb/2011:12:44:36 +0100] [Job 24] Job stopped due to filter errors; please consult the error_log file for details.
D [11/Feb/2011:12:44:36 +0100] [Job 24] The following messages were recorded from 12:44:30 to 12:44:36
D [11/Feb/2011:12:44:36 +0100] [Job 24] Adding start banner page "none".
D [11/Feb/2011:12:44:36 +0100] [Job 24] Queued on "Deskjet_D1400" by "kaszak".
D [11/Feb/2011:12:44:36 +0100] [Job 24] Auto-typing file...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Request file type is application/pdf.
D [11/Feb/2011:12:44:36 +0100] [Job 24] File of type application/pdf queued by "kaszak".
D [11/Feb/2011:12:44:36 +0100] [Job 24] Adding end banner page "none".
D [11/Feb/2011:12:44:36 +0100] [Job 24] job-sheets=none,none
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[0]="Deskjet_D1400"
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[1]="24"
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[2]="kaszak"
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[3]="przelew.pdf"
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[4]="1"
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[5]="finishings=3 number-up=1 page-ranges=1 job-uuid=urn:uuid:82dc9ff4-9df7-3643-7cb5-87d5084f99f5 job-originating-host-name=localhost time-at-creation=1297424670 time-at-processing=1297424670 AP_D_InputSlot="
D [11/Feb/2011:12:44:36 +0100] [Job 24] argv[6]="/var/spool/cups/d00024-001"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[0]="CUPS_CACHEDIR=/var/cache/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[1]="CUPS_DATADIR=/usr/share/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[2]="CUPS_DOCROOT=/usr/share/cups/doc"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[3]="CUPS_FONTPATH=/usr/share/cups/fonts"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[4]="CUPS_REQUESTROOT=/var/spool/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[5]="CUPS_SERVERBIN=/usr/lib/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[6]="CUPS_SERVERROOT=/etc/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[7]="CUPS_STATEDIR=/var/run/cups"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[8]="HOME=/var/spool/cups/tmp"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[9]="PATH=/usr/lib/cups/filter:/usr/bin:/usr/sbin:/bin:/usr/bin"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[10]="SERVER_ADMIN=root@localhost"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[11]="SOFTWARE=CUPS/1.4.6"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[12]="TMPDIR=/var/spool/cups/tmp"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[13]="USER=root"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[14]="CUPS_SERVER=/var/run/cups/cups.sock"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[15]="CUPS_ENCRYPTION=IfRequested"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[16]="IPP_PORT=631"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[17]="CHARSET=utf-8"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[18]="LANG=pl_PL.UTF-8"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[19]="PPD=/etc/cups/ppd/Deskjet_D1400.ppd"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[20]="RIP_MAX_CACHE=8m"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[21]="CONTENT_TYPE=application/pdf"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[22]="DEVICE_URI=hp:/usb/Deskjet_D1400_series?serial=TH7B13311X04Y2"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[23]="PRINTER_INFO="
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[24]="PRINTER_LOCATION="
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[25]="PRINTER=Deskjet_D1400"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[26]="CUPS_FILETYPE=document"
D [11/Feb/2011:12:44:36 +0100] [Job 24] envp[27]="FINAL_CONTENT_TYPE=printer/Deskjet_D1400"
D [11/Feb/2011:12:44:36 +0100] [Job 24] Started filter /usr/lib/cups/filter/pdftops (PID 2793)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Started filter /usr/lib/cups/filter/foomatic-rip-hplip (PID 2794)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Started backend /usr/lib/cups/backend/hp (PID 2795)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Started filter pdftops (PID 2796)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Started filter pstops (PID 2797)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Page = 612x792; 18,36 to 594,783
D [11/Feb/2011:12:44:36 +0100] [Job 24] slow_collate=0, slow_duplex=0, slow_order=0
D [11/Feb/2011:12:44:36 +0100] [Job 24] Before copy_comments - %!PS-Adobe-3.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] %!PS-Adobe-3.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%LanguageLevel: 3
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%DocumentSuppliedResources: (atend)
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%DocumentMedia: plain 596 842 0 () ()
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%BoundingBox: 0 0 596 842
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%Pages: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] %%EndComments
D [11/Feb/2011:12:44:36 +0100] [Job 24] Before copy_prolog - %%BeginDefaults
D [11/Feb/2011:12:44:36 +0100] [Job 24] Before copy_setup - %%BeginSetup
D [11/Feb/2011:12:44:36 +0100] [Job 24] foomatic-rip version $Revision=3.0.2.131$ running...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Parsing PPD file ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option ColorSpace
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option Resolution
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option PageSize
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option Model
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option PrintoutMode
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option Quality
D [11/Feb/2011:12:44:36 +0100] [Job 24] *cupsFilter: "application/vnd.cups-postscript 100 foomatic-rip-hplip"
D [11/Feb/2011:12:44:36 +0100] [Job 24] *cupsFilter: "application/vnd.cups-pdf 0 foomatic-rip-hplip"
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option PageRegion
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option ImageableArea
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option PaperDimension
D [11/Feb/2011:12:44:36 +0100] [Job 24] Added option Font
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Parameter Summary
D [11/Feb/2011:12:44:36 +0100] [Job 24] -----------------
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Spooler: cups
D [11/Feb/2011:12:44:36 +0100] [Job 24] Printer: Deskjet_D1400
D [11/Feb/2011:12:44:36 +0100] [Job 24] Shell: /bin/sh
D [11/Feb/2011:12:44:36 +0100] [Job 24] PPD file: /etc/cups/ppd/Deskjet_D1400.ppd
D [11/Feb/2011:12:44:36 +0100] [Job 24] ATTR file:
D [11/Feb/2011:12:44:36 +0100] [Job 24] Printer model: HP Deskjet d1400 Series hpijs, 3.11.1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Job title: przelew.pdf
D [11/Feb/2011:12:44:36 +0100] [Job 24] File(s) to be printed:
D [11/Feb/2011:12:44:36 +0100] [Job 24] <STDIN>
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] GhostScript extra search path ('GS_LIB'): /usr/share/cups/fonts
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'finishings=3'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option finishings=3.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'number-up=1'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option number-up=1.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'page-ranges=1'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option page-ranges=1.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'job-uuid=urn:uuid:82dc9ff4-9df7-3643-7cb5-87d5084f99f5'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option job-uuid=urn:uuid:82dc9ff4-9df7-3643-7cb5-87d5084f99f5.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'job-originating-host-name=localhost'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option job-originating-host-name=localhost.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'time-at-creation=1297424670'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option time-at-creation=1297424670.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'time-at-processing=1297424670'
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option time-at-processing=1297424670.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Pondering option 'AP_D_InputSlot='
D [11/Feb/2011:12:44:36 +0100] [Job 24] Unknown option AP_D_InputSlot=.
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] ================================================
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] File: <STDIN>
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] ================================================
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Reading PostScript input ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] --> This document is DSC-conforming!
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %RBINumCopies: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Job claims to be DSC-conforming, but "%%BeginProlog" was missing before first line with another "%%Begin..." comment (is this a TeX/LaTeX/dvips-generated PostScript file?). Assuming start of "Prolog" here.
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] -----------
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginProlog
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%EndProlog
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] -----------
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginSetup
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginFeature: *PageSize Letter
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: PageSize=Letter --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %% FoomaticRIPOptionSetting: PageSize=Letter
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: PageSize=Letter --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginFeature: *PrintoutMode Normal
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: PrintoutMode=Normal --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %% FoomaticRIPOptionSetting: PrintoutMode=Normal
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: PrintoutMode=Normal --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginFeature: *Quality FromPrintoutMode
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: Quality=FromPrintoutMode --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %% FoomaticRIPOptionSetting: Quality=@PrintoutMode
D [11/Feb/2011:12:44:36 +0100] [Job 24] Option: Quality=FromPrintoutMode --> Setting option
D [11/Feb/2011:12:44:36 +0100] [Job 24] Before page loop - %%Page: 1 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Copying page 1...
D [11/Feb/2011:12:44:36 +0100] [Job 24] pagew = 576.0, pagel = 747.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] bboxx = 0, bboxy = 0, bboxw = 612, bboxl = 792
D [11/Feb/2011:12:44:36 +0100] [Job 24] PageLeft = 18.0, PageRight = 594.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] PageTop = 783.0, PageBottom = 36.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] PageWidth = 612.0, PageLength = 792.0
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%EndSetup
D [11/Feb/2011:12:44:36 +0100] [Job 24] Inserting PostScript code for CUPS' page accounting
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] -----------
D [11/Feb/2011:12:44:36 +0100] [Job 24] New page: 1 1
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%BeginPageSetup
D [11/Feb/2011:12:44:36 +0100] [Job 24] Inserting option code into "PageSetup" section.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: %%EndPageSetup
D [11/Feb/2011:12:44:36 +0100] [Job 24] End of page header
D [11/Feb/2011:12:44:36 +0100] [Job 24] Stopping search for page header options
D [11/Feb/2011:12:44:36 +0100] [Job 24] Found: S
D [11/Feb/2011:12:44:36 +0100] [Job 24] --> Output goes directly to the renderer now.
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Starting renderer
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer PID kid4=2802
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer command: gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=612 -dDEVICEHEIGHTPOINTS=792 -sDeviceManufacturer="HEWLETT-PACKARD" -sDeviceModel="deskjet 3320" -r300 -sIjsParams=Quality:Quality=0,Quality:ColorMode=2,Quality:MediaType=0,Quality:PenSet=1 -dIjsUseOutputFD -sOutputFile=- -
D [11/Feb/2011:12:44:36 +0100] [Job 24] Starting process 2803: "gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=6..."
D [11/Feb/2011:12:44:36 +0100] [Job 24] JCL: <job data>
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] PID 2796 (pdftops) exited with no errors.
D [11/Feb/2011:12:44:36 +0100] [Job 24] prnt/hpijs/hpijs.cpp 650: WARNING: color pen has low ink
D [11/Feb/2011:12:44:36 +0100] [Job 24] STATE: +marker-supply-low-warning
D [11/Feb/2011:12:44:36 +0100] [Job 24] GPL Ghostscript 9.00: Unrecoverable error, exit code 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process 2803 ending: "gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=6..."
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer return value: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer received signal: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Possible error on renderer command line or PostScript error. Check options.", exit stat: 3
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Nie ma takiego pliku ani katalogu (2)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2802 (KID4) with signal 15
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Przerwany potok (32)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2801 (KID3) with signal 15
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: (0)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Przerwane wywołanie systemowe (4)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2802 (KID4) with signal 15
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Closing foomatic-rip.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2802 (KID4) with signal 9
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Closing foomatic-rip.
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2801 (KID3) with signal 9
D [11/Feb/2011:12:44:36 +0100] [Job 24] Caught termination signal: Job canceled
D [11/Feb/2011:12:44:36 +0100] [Job 24]
D [11/Feb/2011:12:44:36 +0100] [Job 24] Closing foomatic-rip.
D [11/Feb/2011:12:44:36 +0100] [Job 24] prnt/backend/hp.c 839: ERROR: null print job total=0
D [11/Feb/2011:12:44:36 +0100] [Job 24] PID 2797 (pstops) crashed on signal 13!
D [11/Feb/2011:12:44:36 +0100] [Job 24] End of messages
D [11/Feb/2011:12:44:36 +0100] [Job 24] printer-state=3(idle)
D [11/Feb/2011:12:44:36 +0100] [Job 24] printer-state-message="/usr/lib/cups/filter/pdftops failed"
D [11/Feb/2011:12:44:36 +0100] [Job 24] printer-state-reasons=marker-supply-low-warning
E [11/Feb/2011:12:45:56 +0100] [Job 22] Stopping unresponsive job!
E [11/Feb/2011:12:49:41 +0100] [Job 24] Stopping unresponsive job!
To be honest, it looks more like a Chinese poem rather than error log. I found this part the most disturbing:
D [11/Feb/2011:12:44:36 +0100] [Job 24] STATE: +marker-supply-low-warning
D [11/Feb/2011:12:44:36 +0100] [Job 24] GPL Ghostscript 9.00: Unrecoverable error, exit code 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process 2803 ending: "gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPAUSE -sDEVICE=ijs -sIjsServer=hpijs -dDEVICEWIDTHPOINTS=6..."
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer return value: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] renderer received signal: 1
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Possible error on renderer command line or PostScript error. Check options.", exit stat: 3
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Nie ma takiego pliku ani katalogu (2)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2802 (KID4) with signal 15
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Przerwany potok (32)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2801 (KID3) with signal 15
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: (0)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Process dying with "Caught termination signal: Job canceled", exit stat: 0
D [11/Feb/2011:12:44:36 +0100] [Job 24] error: Przerwane wywołanie systemowe (4)
D [11/Feb/2011:12:44:36 +0100] [Job 24] Cleaning up ...
D [11/Feb/2011:12:44:36 +0100] [Job 24] Killing process 2802 (KID4) with signal 15
Anyone had such problems before? Just don't tell me this cursed device demands a sacrifice from freshly produced virgin paper sheets to chew on.
Other non-pdf documents print succesfully.just got hit with thie same error on my canon printer, and I was told I should try reinstalling the printer (not sure if that's meant for the driver or the actual printer in CUPS, but I intend to try both...
-
Access from Inside to Outside ASA 5510 ver 9.1
Hi All,
I need some help in getting an ASA up and processing traffic from the inside network to the internet. I have a Cisco 2811 Router behind a Cisco ASA 5510. From the ASA I can ping the 2811 and I can ping IP addresses on the internet. I have updated the IOS and ASDM on the router to the newest versions. 9.1(4) and 7.1. I believe the problem is in the Objects, ACL and getting those together, but I don't know much about the ASA and I don't know how the post 8.2 setup works. I am hoping I can get some help here to get me up and running so I can access the internet from behind the ASA.
Here is my ASA Config and I will post some of the 2811 Router config as well, though I am not sure thati s where the issue lies, but at this point, I haven't a clue. Both are up to date for the newest versions of the respective IOS.
I need to know what objects / ACL's et cetera to put in to get traffic flowing inside / out.
Thank you for the help!
ASA5510(config)# sh running-config
: Saved
ASA Version 9.1(4)
hostname ASA5510
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
dns-guard
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Ethernet0/1
description WAN Interface
nameif Outside
security-level 0
ip address 199.195.168.100 255.255.255.240
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
shutdown
nameif management
security-level 0
no ip address
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.195.168.4
name-server 205.171.2.65
name-server 205.171.3.65
domain-name internal.int
access-list USERS standard permit 10.10.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
router rip
network 10.0.0.0
network 199.195.168.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username redacted password vj4PdtfGNFrB.Ksz encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
: end
CISCO 2811:
Current configuration : 2601 bytes
! Last configuration change at 07:24:32 UTC Fri Jan 3 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RouterDeMitch
boot-start-marker
boot system flash
boot-end-marker
! card type command needed for slot/vwic-slot 0/0
no aaa new-model
dot11 syslog
ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 172.16.10.1 172.16.10.49
ip dhcp excluded-address 172.16.20.1 172.16.20.49
ip dhcp pool Mitchs_Network
network 192.168.1.0 255.255.255.0
dns-server 199.195.168.4 205.171.2.65 205.171.3.65 8.8.8.8
default-router 192.168.1.1
ip dhcp pool VLAN10
network 172.16.10.0 255.255.255.0
default-router 172.16.10.1
dns-server 199.195.168.4 205.171.2.65 205.171.3.65 8.8.8.8
ip dhcp pool VLAN20
network 172.16.20.0 255.255.255.0
dns-server 199.195.168.4 205.171.2.65 205.171.3.65 8.8.8.8
default-router 172.16.20.1
no ip domain lookup
ip name-server 199.195.168.4
ip name-server 205.171.2.65
ip name-server 205.171.3.65
ip name-server 8.8.8.8
multilink bundle-name authenticated
crypto pki token default removal timeout 0
redundancy
interface FastEthernet0/0
description CONNECTION TO INSIDE INT. OF ASA
ip address 10.10.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1.1
encapsulation dot1Q 10
ip address 172.16.10.1 255.255.255.0
interface FastEthernet0/1.2
encapsulation dot1Q 20
ip address 172.16.20.1 255.255.255.0
interface FastEthernet0/1.3
description Trunk Interface VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
interface Dialer0
no ip address
router rip
version 2
network 172.16.0.0
network 192.168.1.0
network 199.195.168.0
no auto-summary
ip default-gateway 10.10.1.1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
access-list 1 permit any
dialer-list 1 protocol ip permit
control-plane
line con 0
exec-timeout 0 0
password encrypted
login
line aux 0
line vty 0 4
exec-timeout 0 0
transport input all
scheduler allocate 20000 1000
endI made those changes, but still no internet. I did not add this statement nat (inside,outside) after-auto source dynamic any interface I went with the more granular.
ASA5510# sh running-config
: Saved
ASA Version 9.1(4)
hostname ASA5510
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd liqhNWIOSfzvir2g encrypted
names
dns-guard
interface Ethernet0/0
description LAN Interface
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
interface Ethernet0/1
description WAN Interface
nameif Outside
security-level 0
ip address 199.195.168.123 255.255.255.240
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
shutdown
nameif management
security-level 0
no ip address
boot system disk0:/asa914-k8.bin
ftp mode passive
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.195.168.4
name-server 205.171.2.65
name-server 205.171.3.65
domain-name internal.int
object-group network PAT-SOURCE
network-object 172.16.10.0 255.255.255.0
network-object 172.16.20.0 255.255.255.0
network-object 192.168.1.0 255.255.255.0
network-object 10.10.1.0 255.255.255.252
access-list USERS standard permit 10.10.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Outside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,Outside) after-auto source dynamic PAT-SOURCE interface
router rip
network 10.0.0.0
network 199.195.168.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
: end
Message was edited by: Mitchell Tuckness -
IOS SSL VPN WITH RADIUS Authorization
Hi
I'm trying to authenitcate and authorize the users loggining into SSLVPN via ACS and although the ACS loggs and "TEST" command on the router shw succeeful authentication i receive the flollowing debug
*Jun 6 22:39:50.157: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4346
Rack1R1(config)#
*Jun 6 22:40:09.409: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4357
Rack1R1(config)#
*Jun 6 22:40:21.409: WV-AAA: AAA authentication request sent for user: "SSLUSER"
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000):Orig. component type = INVALID
*Jun 6 22:40:21.409: RADIUS/ENCODE(00000000): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
*Jun 6 22:40:21.409: RADIUS(00000000): Config NAS IP: 150.1.1.1
*Jun 6 22:40:21.409: RADIUS(00000000): sending
*Jun 6 22:40:21.409: RADIUS(00000000): Send Access-Request to 10.0.0.100:1645 id 1645/27, len 60
*Jun 6 22:40:21.409: RADIUS: authenticator AC 16 B3 54 46 72 37 05 - 4C 00 19 21 81 97 40 6E
*Jun 6 22:40:21.409: RADIUS: User-Name [1] 16 "SSLUSER@SSLVPN"
Rack1R1(config)#
*Jun 6 22:40:21.409: RADIUS: User-Password [2] 18 *
*Jun 6 22:40:21.409: RADIUS: NAS-IP-Address [4] 6 150.1.1.1
*Jun 6 22:40:21.669: RADIUS: Received from id 1645/27 10.0.0.100:1645, Access-Accept, len 282
*Jun 6 22:40:21.669: RADIUS: authenticator 2D 2C B0 39 89 4C 41 88 - 40 32 E2 09 0D 7F 6B 0C
*Jun 6 22:40:21.669: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 28
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 22 "webvpn:svc-enabled=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 29
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 23 "webvpn:svc-required=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 50
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 44 "webvpn:split-include=6.6.6.0 255.255.255.0"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 35
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 29 "webvpn:keep-svc-installed=1"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 31
*Jun 6 22:40:21.669: RADIUS: Cisco AVpair [1] 25 "webvpn:addr-pool=SSLVPN"
*Jun 6 22:40:21.669: RADIUS: Vendor, Cisco [26] 41
*Jun 6 22:40:21.669: RADIUS: Service-Type [6] 6 Outbound [5]
*Jun 6 22:40:21.669: RADIUS: Class [25] 36
*Jun 6 22:40:21.669: RADIUS: 43 41 43 53 3A 30 2F 34 37 30 2F 39 36 30 31 30 [CACS:0/470/96010]
*Jun 6 22:40:21.669: RADIUS: 31 30 31 2F 53 53 4C 55 53 45 52 40 53 53 4C 56 [101/SSLUSER@SSLV]
*Jun 6 22:40:21.669: RADIUS: 50 4E [PN]
*Jun 6 22:40:21.673: RADIUS(00000000): Received from id 1645/27
*Jun 6 22:40:21.673: RADIUS(00000000): Unique id not in use
Rack1R1(config)#
*Jun 6 22:40:21.673: RADIUS/DECODE(00000000): There is no RADIUS DB Some Radius attributes may not be stored
*Jun 6 22:40:21.673: AAA/AUTHOR (0x0): Pick method list 'RAD'
Rack1R1(config)#
*Jun 6 22:40:23.673: WV-AAA: AAA Authentication Failed!
Rack1R1(config)#
*Jun 6 22:40:24.069: %SSLVPN-5-SSL_TLS_CONNECT_OK: vw_ctx: UNKNOWN vw_gw: SSLVPN i_vrf: 0 f_vrf: 0 status: SSL/TLS connection successful with remote at 10.0.0.100:4359
Rack1R1(config)#
router Configuration
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Rack1R1
boot-start-marker
boot-end-marker
! card type command needed for slot/vwic-slot 0/1
logging message-counter syslog
enable password cisco
aaa new-model
aaa authentication login RAD group radius
aaa authorization network RAD group radius
aaa session-id common
dot11 syslog
ip source-route
ip cef
no ip domain lookup
ip domain name INE.com
ip host cisco.com 136.1.121.1
ip host www.cisco.com 136.1.121.1
ip host www.google.com 136.1.121.1
ip host www.ripe.net 136.1.121.1
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3354934498
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3354934498
revocation-check none
rsakeypair TP-self-signed-3354934498
crypto pki certificate chain TP-self-signed-3354934498
certificate self-signed 01
30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333534 39333434 3938301E 170D3132 30363036 31333030
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353439
33343439 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1E5 889BEB9A 31DFC0D4 7C7F698F 0F52E404 0849263A BD443A96 13C6A440
DCBD4345 EF301E91 0D4AADD9 3C2A17F2 E26E5E96 90F96809 D8FCCF32 7EB58100
74E4772C 6395E03C 1B7F1AF5 482F861F DD62D079 F9977FE2 0E544E18 5FAAF290
DF665B45 EF10D3EC D924E87A 5F827F07 06DE8961 F361C3FA EDBE5F68 452221C8
B9570203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603
551D1104 13301182 0F526163 6B315231 2E494E45 2E636F6D 301F0603 551D2304
18301680 140B00B8 FD9B58CF 8A6F51BE 25DEC6C5 85E14495 05301D06 03551D0E
04160414 0B00B8FD 9B58CF8A 6F51BE25 DEC6C585 E1449505 300D0609 2A864886
F70D0101 04050003 81810006 4192E2DB ABAF533E 9C4BF24E DF6BFD45 144A6AE9
C874E311 27B23E7B E8DB18C3 4FFB4ACA 4B09F63E 62501578 D8F58D73 D08F016F
49C99B8D DA1073E5 A141C1C7 505BD191 FC58EA7F 54BD9B98 579E1726 7C1CA619
A45DDABC 8F315EE9 D20A30A8 2BD5D67D B744BD69 353B4670 E5BA4540 47059E60
9DC4C940 E91AACBB 4EAFFA
quit
username admin privilege 15 password 0 admin
username SSLUSER@SSLVPN password 0 cisco
archive
log config
hidekeys
crypto ipsec client ezvpn EZVPN_CLIENT
connect auto
mode client
xauth userid mode interactive
ip tcp synwait-time 5
interface Loopback0
ip address 150.1.1.1 255.255.255.0
interface Loopback6
ip address 6.6.6.6 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.11
encapsulation dot1Q 12
ip address 136.1.11.1 255.255.255.0
interface FastEthernet0/1.121
encapsulation dot1Q 121
ip address 136.1.121.1 255.255.255.0
interface FastEthernet0/0/0
interface FastEthernet0/0/1
interface FastEthernet0/0/2
interface FastEthernet0/0/3
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
interface Vlan1
no ip address
router rip
version 2
passive-interface FastEthernet0/1.11
network 136.1.0.0
network 150.1.0.0
no auto-summary
ip local pool SSLVPN 40.0.0.1 40.0.0.254
ip forward-protocol nd
ip route 10.0.0.0 255.255.255.0 136.1.121.12
ip http server
ip http secure-server
ip dns server
ip access-list extended SPLIT
permit ip 136.1.11.0 0.0.0.255 10.0.0.0 0.0.0.255
ip radius source-interface Loopback0
radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key CISCO
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
line vty 0 4
password cisco
scheduler allocate 20000 1000
webvpn gateway SSLVPN
ip interface Loopback0 port 443
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint TP-self-signed-3354934498
logging enable
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 1
webvpn context SSLVPN
title "**SSLVPN **"
ssl encryption rc4-md5
ssl authenticate verify all
aaa authentication list RAD
aaa authentication domain @SSLVPN
aaa authorization list RAD
gateway SSLVPN
inservice
end
Any Idea?Hi,
As I understand , you need to know if you can assign static ip to a user and also is there any other way of assiging a ip other than local pool.
There are three ways of assinging an ip address to VPN client: using local pool, AAA server,DHCP.
You can use the following link for more information:-
Assigning static ip for user present locally on ASA:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a7afb2.shtml
For user present on Active Directory:-
http://technet.microsoft.com/en-us/library/cc786213%28WS.10%29.aspx
The following is the link for assigning ip address using DHCP:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080a66bc6.shtml
I hope it helps.
Thanks,
Shilpa -
How can I play DVD that I rip with DVD Shrink and that now I have on an external hard drive on my macbook
Please advise
Thanks in advanceDid you try DVD player. It comes on the Mac. It will play the video_ts folder just like you had it on a dvd. I store certain favorite movies on my external hard drive in this format. That way I can watch them on my computer without the physical dvd in and get the same quality.
Once they get converted to .avi or other format then you lose some of the resolution. I do this for movies I am going to watch on my iPod. I usually have two version of my favorites on my hard drive.
The DVD ripped version and the iPod version. With a large external drive I don't care that each ripped movie is 4 gig or so in size.
If you use the dvd player do not try and open the folder that has the movies name. It will come back with an error. Open the sub-folder called video_ts. Then it will work correctly.
Mort
Maybe you are looking for
-
Unable to save/publish Projects on Project Server 2010() using Project Pro 2007 and 2010
Hi, Recently we have upgraded from Project Server 2007 to 2010 SP-2 (BCM enabled) environment and from last few days we are getting issue with Project Plans where PMs are not able to update Projects means save and publish the Project using MS Project
-
HELP! I have tried all sorts of things, like: - removed syst prefs to desktop then restarted - un-done, re-done, re-booted various options in International and Keyboard & Mouse - run disk utility, both from startup CD AND in target disk mode - ran pe
-
Best way for Java/C++/C# to share data in a cache?
I have an order processing application which listens for Order objects to be inserted in a cache. If I want Java, C# and C++ apps to be able to submit orders to that cache, what's the best way to set up that Order object? Orders currently have many E
-
.
-
Creating Photoshop buttons for motion menus and photoshop menus
Hi I need to create buttons in photoshop for both a photoshop menu and a motion menu on DVD studio pro program Can someone tell me how to do it on both different menus? I really need some DETAILS on how to do it. Thanks for your time and responses ah